MAL-2026-6516: Malicious code in inlifegram (PyPI)
The inlifegram package on PyPI versions 2.1.2.8 and 2.1.2.9 contains malicious code that acts as a backdoor within a modified Telegram bot library. This obfuscated code activates when a user starts their own bot application, enabling hardcoded users to execute arbitrary commands in the bot's environment. The package is a clone of a legitimate package but includes remote access trojan (RAT) capabilities targeting Telegram bots.
AI Analysis
Technical Summary
The inlifegram PyPI package versions 2.1.2.8 and 2.1.2.9 have been identified as malicious. The package contains obfuscated code that, upon execution, attaches backdoor commands to a Telegram bot, allowing hardcoded users to remotely execute commands in the bot's environment. This behavior classifies the package as a remote access trojan (RAT) and a malicious clone of a legitimate package. The malicious code is hidden within the library usage, making detection more difficult.
Potential Impact
Users who install and run the affected versions of the inlifegram package risk unauthorized remote command execution by attackers with hardcoded access. This can lead to full compromise of the environment where the bot runs, potentially allowing data theft, system manipulation, or further malware deployment. The malicious functionality is specifically designed to target Telegram bot environments.
Mitigation Recommendations
No official patch or remediation has been provided for this malicious package. Users should immediately cease using versions 2.1.2.8 and 2.1.2.9 of inlifegram and remove them from their environments. It is recommended to verify the integrity and source of any Telegram bot libraries used and rely only on trusted, verified packages from official sources. Monitor for any suspicious activity related to Telegram bots and consider rotating credentials or secrets that may have been exposed.
MAL-2026-6516: Malicious code in inlifegram (PyPI)
Description
The inlifegram package on PyPI versions 2.1.2.8 and 2.1.2.9 contains malicious code that acts as a backdoor within a modified Telegram bot library. This obfuscated code activates when a user starts their own bot application, enabling hardcoded users to execute arbitrary commands in the bot's environment. The package is a clone of a legitimate package but includes remote access trojan (RAT) capabilities targeting Telegram bots.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The inlifegram PyPI package versions 2.1.2.8 and 2.1.2.9 have been identified as malicious. The package contains obfuscated code that, upon execution, attaches backdoor commands to a Telegram bot, allowing hardcoded users to remotely execute commands in the bot's environment. This behavior classifies the package as a remote access trojan (RAT) and a malicious clone of a legitimate package. The malicious code is hidden within the library usage, making detection more difficult.
Potential Impact
Users who install and run the affected versions of the inlifegram package risk unauthorized remote command execution by attackers with hardcoded access. This can lead to full compromise of the environment where the bot runs, potentially allowing data theft, system manipulation, or further malware deployment. The malicious functionality is specifically designed to target Telegram bot environments.
Mitigation Recommendations
No official patch or remediation has been provided for this malicious package. Users should immediately cease using versions 2.1.2.8 and 2.1.2.9 of inlifegram and remove them from their environments. It is recommended to verify the integrity and source of any Telegram bot libraries used and rely only on trusted, verified packages from official sources. Monitor for any suspicious activity related to Telegram bots and consider rotating credentials or secrets that may have been exposed.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-6516
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a3ef7b127e9c79719ffb930
Added to database: 06/26/2026, 22:05:37 UTC
Last enriched: 06/26/2026, 22:30:22 UTC
Last updated: 06/26/2026, 22:30:22 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.